Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PBJjwWm3FNYmKDKlr11pHLlOrGk.roa
File:                     PBJjwWm3FNYmKDKlr11pHLlOrGk.roa (raw, json)
Hash identifier:          /EDjQB/ySBsTi6pfh4zRjgsPbhtNFWDlr8va/X/KOwc=
Subject key identifier:   3C:12:63:C1:69:B7:14:D6:26:28:32:A5:AF:5D:69:1C:B9:4E:AC:69
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019424B3E6B6D5E31FDFEB7E401204DF925E
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PBJjwWm3FNYmKDKlr11pHLlOrGk.roa
Signing time:             Thu 02 Jan 2025 01:49:17 +0000
ROA not before:           Thu 02 Jan 2025 01:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210092
IP address blocks:        185.253.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e6:b6:d5:e3:1f:df:eb:7e:40:12:04:df:92:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jan  2 01:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c1263c169b714d6262832a5af5d691cb94eac69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d4:d9:08:92:4d:6c:68:6a:b9:54:ec:71:51:
                    74:cb:ce:48:8e:2e:25:8d:a4:eb:53:c0:e9:97:28:
                    d8:c5:2e:5c:58:e8:1c:0a:7f:29:ed:3a:e3:60:02:
                    2d:93:15:14:a0:e9:c2:eb:7d:af:b2:b7:f8:4f:57:
                    88:1f:a9:ae:dc:31:ed:1d:d4:29:65:43:c2:d8:f3:
                    d1:75:18:48:69:1f:d6:13:03:9a:5f:73:45:dc:f1:
                    41:28:cc:83:98:5d:08:ad:7c:a4:3c:e9:1e:89:c5:
                    64:dd:0b:95:24:cb:27:c0:72:1d:ed:e1:ed:62:b6:
                    71:ef:a4:1b:56:be:4c:25:94:48:1d:1e:68:fc:9b:
                    29:cd:ba:b2:a9:69:ad:61:9c:0a:9a:d9:c9:e0:d6:
                    76:67:85:97:52:71:27:65:8e:d3:0f:6b:29:fd:c0:
                    b2:68:29:c4:48:2a:b2:fb:2a:42:05:9b:ba:04:eb:
                    25:1e:d9:49:b8:d7:82:3b:cb:eb:80:8d:77:ac:32:
                    34:75:42:33:4b:93:37:22:f5:29:65:26:1b:e8:f1:
                    72:02:55:e2:39:fc:f7:03:5e:d5:ca:f5:43:b9:1b:
                    e6:e3:9a:37:b9:93:e7:cf:ac:84:fb:5f:db:45:aa:
                    bd:8e:58:85:37:3f:7e:32:c6:ac:8c:b1:8f:7d:aa:
                    e0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:12:63:C1:69:B7:14:D6:26:28:32:A5:AF:5D:69:1C:B9:4E:AC:69
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/PBJjwWm3FNYmKDKlr11pHLlOrGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f7:b6:c4:66:bd:89:63:fd:a5:ac:da:da:91:21:76:0f:66:
         90:67:6d:b1:ff:53:23:16:61:49:af:a0:cf:69:7b:a7:e0:9f:
         47:e7:ce:49:b1:9d:f1:ef:fd:3b:9f:4b:41:df:1e:04:62:44:
         b6:c6:fd:c1:6a:48:3e:df:79:7b:79:7f:eb:a6:c8:af:d0:4b:
         e4:e0:eb:84:3a:72:f0:2c:31:4a:33:07:ee:03:12:dd:d6:e4:
         25:66:37:02:4b:3e:62:df:24:59:32:54:fd:b1:7f:11:1b:d4:
         c7:ce:84:91:dd:6f:c3:09:57:43:98:4c:d9:2f:40:c8:b2:6d:
         41:f1:36:95:69:6c:1c:fd:84:fb:c4:78:bc:57:9f:37:75:c0:
         1c:d0:c2:40:78:51:42:ec:28:56:73:66:6b:00:8f:b5:78:52:
         b6:25:56:ef:bc:cc:4c:bf:59:7a:90:11:f5:6b:53:b2:cc:79:
         d1:ff:d1:e3:20:f7:04:60:1c:07:ae:12:68:67:a0:f9:a8:38:
         5d:48:50:db:e0:02:c3:72:04:9e:e3:ad:e6:b3:b4:0f:c6:05:
         1c:db:ba:b2:78:72:c5:2b:4c:9d:be:83:41:22:2c:0a:f9:12:
         4d:06:1d:ee:7c:d7:32:49:f2:cd:7c:ac:71:d2:54:df:30:3d:
         f4:18:09:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+a21eMf3+t+QBIE35JeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwMTAyMDE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzEyNjNjMTY5YjcxNGQ2MjYyODMyYTVhZjVkNjkxY2I5NGVhYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9TZCJJNbGhquVTscVF0y85Iji4l
jaTrU8DplyjYxS5cWOgcCn8p7TrjYAItkxUUoOnC632vsrf4T1eIH6mu3DHtHdQp
ZUPC2PPRdRhIaR/WEwOaX3NF3PFBKMyDmF0IrXykPOkeicVk3QuVJMsnwHId7eHt
YrZx76QbVr5MJZRIHR5o/JspzbqyqWmtYZwKmtnJ4NZ2Z4WXUnEnZY7TD2sp/cCy
aCnESCqy+ypCBZu6BOslHtlJuNeCO8vrgI13rDI0dUIzS5M3IvUpZSYb6PFyAlXi
Ofz3A17VyvVDuRvm45o3uZPnz6yE+1/bRaq9jliFNz9+MsasjLGPfargWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwSY8FptxTWJigypa9daRy5TqxpMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvUEJKandXbTNGTlltS0RLbHIxMXBITGxPckdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf3YMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ97bEZr2JY/2lrNrakSF2D2aQZ22x/1MjFmFJr6DP
aXun4J9H585JsZ3x7/07n0tB3x4EYkS2xv3Bakg+33l7eX/rpsiv0Evk4OuEOnLw
LDFKMwfuAxLd1uQlZjcCSz5i3yRZMlT9sX8RG9THzoSR3W/DCVdDmEzZL0DIsm1B
8TaVaWwc/YT7xHi8V583dcAc0MJAeFFC7ChWc2ZrAI+1eFK2JVbvvMxMv1l6kBH1
a1OyzHnR/9HjIPcEYBwHrhJoZ6D5qDhdSFDb4ALDcgSe463ms7QPxgUc27qyeHLF
K0ydvoNBIiwK+RJNBh3ufNcySfLNfKxx0lTfMD30GAlA
-----END CERTIFICATE-----